My Netflix account was hacked, I’m concerned and you must be too
Lessons on security can be unnerving.
Updated:Sat, May 08, 2021 12:44pm
By Nash David
Last night, I reached home after a rather long day. One of the only indulgence I can afford in my busy schedule is some online streaming. It's my personal choice to reject piracy, and pay for legal consumption. I don't run pirated software, visit websites that may not be secure, or trustworthy. I follow hygiene with the passwords I set. But despite that, what I experienced, left me dumbfounded. Cutting a long story short, I ve subscribed to quite a few online streaming services, with the top three services being Netflix, Amazon Prime, and Hotstar.
Yesterday was no different. Once I was done with a few chores, I switched on the tele, and headed to Netflix. I was a bit startled to see the interface change to Spanish. I messaged a few colleagues to check if this was some bug. And since we discuss shows we watch, one of them was quick to respond, I guess you are watching Narcos a bit too much. To his credit, that was funny. I smiled. I only wished his timing was better. I was beginning to panic. I thought for a bit, probably Netflix was detecting Spain as my geolocation. Since I was on a Vodafone connection, I wondered if the telco was rerouting traffic through some other region to take on Reliance Jio. But that was just me overthinking. Talk of analysis. Never underestimate a tense mind. Nonetheless, thus began my investigation.
Checking my Netflix account online
The first jolt I dealt with was the email address associated with the Netflix account. The ID on record was changed to something else firstname.lastname@example.org. At around nine in the night, this wasn't my ideal plan to unwind. Under billing details, I could see my credit card. The mobile number was mine. But the email address belonged to someone else! My heart skipped a beat. If I remember correctly, I could hear my heartbeat. It was increasing in intensity and frequency.
I feared getting another message. Of a transaction on my credit card. You keep hearing those kind of urban tales all the time. I sifted through my email to find a couple I missed out on. They were sent at 2:14AM. Obviously, I was going to miss them. An app notification, may be? Or a text message, or both would be better? If I can miss those emails, you can too. The first email from Netflix was a new sign-in alert. A computer based in Equador was accessing my Netflix profile. That was a start. Where's two-factor authentication when you need it? When disaster strikes, you survive it, and rationalize it in retrospect.
This email was promptly followed by another. My email address had been changed. Hah! I could no longer use my own email address to sign in to Netflix. And I'd just discovered this 19 hours later.
Waiting for Netflix help
I now had better clarity of the situation, but nothing could help with panic. I had to seek help. I clicked on the link that was included in the Netflix notification email. Although limited, I'd say it's still better than Uber. I finally found myself talking to a human, after being placed on a data call for over five minutes, which I spent listening to soundtracks from its popular shows. Once again, Narcos happened to be one of them. But I resisted using unpleasantries used by the protagonist.
The Netflix guy (as I'd prefer referring to him) was re-assuring while assuaging my concerns around my credit card details. He was confident there was no way hackers would gain access to it. Neither Netflix or anyone else can gain access to payment information. I was regaining focus. The email address, in his words, felt like it had been changed to a dummy address that probably doesn t even exist".
What I was now gathering is this is usual modus operandi of the rogues. And since I was subscribed to a top-tier plan with access to multiple devices simultaneously, it didn t stop unauthorized people to simultaneously watch shows with me, via my account, in a different country. Well done, leech! I don t mind sharing my account with you, but ask. Nicely. Well, on deeper thought, your viewing pattern is resulting in recommendations for me. Not cool.
Thanks to capabilities built into Gmail, I'm certain my email account isn t compromised. Besides, I ve used different passwords for my Netflix account and my email account.
Netflix Viewing history
Once my account details were reset, I changed my password. And then went to the viewing history. I discovered I was dealing with a case of Suits addiction. The user probably had an Android phone as well. With similar IP addresses, was also downloading season after season of Suits on an Android phone. Here I was, paying Netflix in India to be able to consume high quality video, while some ingenuous and crafty individual sat back, relaxed and enjoyed Suits with salsa!
I had visitors from Equador in the real wild west, and Thailand in the wild east. With everything reset, I hoped that the simultaneous access would stop. But no, it continued. Till I had to specifically remove the device.
I expected better, Netflix. I expected better. I've taken off my payment details, and am waiting for this month to pass, before I reconsider subscribing to the service again. I love the content on Netflix, but I'd like it to be a fair deal. I pay, while people I know enjoy your shows. Strange people and stranger things can get creepy, don't you think?